1   /**
2    * Copyright (c) 2000-2009 Liferay, Inc. All rights reserved.
3    *
4    *
5    *
6    *
7    * The contents of this file are subject to the terms of the Liferay Enterprise
8    * Subscription License ("License"). You may not use this file except in
9    * compliance with the License. You can obtain a copy of the License by
10   * contacting Liferay, Inc. See the License for the specific language governing
11   * permissions and limitations under the License, including but not limited to
12   * distribution rights of the Software.
13   *
14   * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
15   * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16   * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
17   * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
18   * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
19   * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
20   * SOFTWARE.
21   */
22  
23  package com.liferay.portal.security.pwd;
24  
25  import com.liferay.portal.PortalException;
26  import com.liferay.portal.SystemException;
27  import com.liferay.portal.UserPasswordException;
28  import com.liferay.portal.model.PasswordPolicy;
29  import com.liferay.portal.model.User;
30  import com.liferay.portal.service.PasswordTrackerLocalServiceUtil;
31  import com.liferay.portal.service.UserLocalServiceUtil;
32  import com.liferay.portal.util.PropsValues;
33  import com.liferay.portlet.words.util.WordsUtil;
34  import com.liferay.util.PwdGenerator;
35  
36  import java.util.Date;
37  
38  /**
39   * <a href="PasswordPolicyToolkit.java.html"><b><i>View Source</i></b></a>
40   *
41   * @author Scott Lee
42   */
43  public class PasswordPolicyToolkit extends BasicToolkit {
44  
45      public String generate() {
46          if (PropsValues.PASSWORDS_PASSWORDPOLICYTOOLKIT_GENERATOR.equals(
47                  "static")) {
48  
49              return PropsValues.PASSWORDS_PASSWORDPOLICYTOOLKIT_STATIC;
50          }
51          else {
52              return PwdGenerator.getPassword();
53          }
54      }
55  
56      public void validate(
57              long userId, String password1, String password2,
58              PasswordPolicy passwordPolicy)
59          throws PortalException, SystemException {
60  
61          if (passwordPolicy.getCheckSyntax()) {
62              if (!passwordPolicy.getAllowDictionaryWords() &&
63                      WordsUtil.isDictionaryWord(password1)) {
64  
65                  throw new UserPasswordException(
66                      UserPasswordException.PASSWORD_CONTAINS_TRIVIAL_WORDS);
67              }
68  
69              if (password1.length() < passwordPolicy.getMinLength()) {
70                  throw new UserPasswordException(
71                      UserPasswordException.PASSWORD_LENGTH);
72              }
73          }
74  
75          if (!passwordPolicy.getChangeable()) {
76              throw new UserPasswordException(
77                  UserPasswordException.PASSWORD_NOT_CHANGEABLE);
78          }
79  
80          if (userId != 0) {
81              if (passwordPolicy.getChangeable()) {
82                  User user = UserLocalServiceUtil.getUserById(userId);
83  
84                  Date passwordModfiedDate = user.getPasswordModifiedDate();
85  
86                  if (passwordModfiedDate != null) {
87  
88                      // LEP-2961
89  
90                      Date now = new Date();
91  
92                      long passwordModificationElapsedTime =
93                          now.getTime() - passwordModfiedDate.getTime();
94  
95                      long userCreationElapsedTime =
96                          now.getTime() - user.getCreateDate().getTime();
97  
98                      long minAge = passwordPolicy.getMinAge() * 1000;
99  
100                     if ((passwordModificationElapsedTime < minAge) &&
101                         (userCreationElapsedTime > minAge)) {
102 
103                         throw new UserPasswordException(
104                             UserPasswordException.PASSWORD_TOO_YOUNG);
105                     }
106                 }
107             }
108 
109             if (PasswordTrackerLocalServiceUtil.isSameAsCurrentPassword(
110                     userId, password1)) {
111 
112                 throw new UserPasswordException(
113                     UserPasswordException.PASSWORD_SAME_AS_CURRENT);
114             }
115             else if (!PasswordTrackerLocalServiceUtil.isValidPassword(
116                         userId, password1)) {
117 
118                 throw new UserPasswordException(
119                     UserPasswordException.PASSWORD_ALREADY_USED);
120             }
121         }
122     }
123 
124 }